thanks digip,
no we're not using native telnet.
we also use IBM's TN3270 with ssl and port 623 to encrypt the stream but my question is if I have the self-assigned certificate (BTW, it's static and never expires) and I can do MITM attack, will I be able to decrypt, hijack or even downgrade the connection to a terminal ??